300 likes | 546 Views
Encryption. A Brief Overview. Encryption. Encryption: Definition: mechanisms to disguise the message so that if the intermission is intercepted/diverted, the content of the message will not be understood. Impact: foundational building block to security-based computing. Terminology.
E N D
Encryption A Brief Overview CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Encryption • Encryption: • Definition: mechanisms to disguise the message so that if the intermission is intercepted/diverted, the content of the message will not be understood. • Impact: foundational building block to security-based computing CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Terminology • Scenario: • S wants to send the message T to R,where an outsider, O, wants the message and tries to access it. • S: Sender • R: Receiver • T: Transmission Medium • O: Interceptor or Intruder. • 4 ways O might try to access message. • Block it: prevent T from reaching R (availability) • Intercept it: read or listen to message (secrecy) • Modify it: obtaining message and changing it • Fabricate: generate an authentic-looking message to be delivered to R appearing to come from S CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Terminology • Encryption: process of encoding a message so that its meaning is not obvious • Decryption: transforming encrypted message back to its normal form • Encode/decode: translating phrases to other words or phrases • Encipher/decipher: translating letters or symbols individually. • Plaintext: original form of message: P = (p1,p2,…, pn) • Ciphertext: encrypted form of message: C = (c1,c2,…, cn) • Encryption/decryption relationships: • C = E(P); P = D(C); P = D(E(P)) CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Encryption Algorithms • Some encryption algs use a key K • C = E(K,P) • E is a SET of encryption algs • Key K selects specific one • Symmetric Encryption: P = D(K,E(K,P)) • encryption/decryption keys are the same • Asymmetric Encryption: P = D(KD,E(KE,P)) CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Key Original Plaintext Plaintext Ciphertext Encryption Decryption Encryption Key Decryption Key KE KD Original Plaintext Plaintext Ciphertext Encryption Decryption Pictorial Representation Symmetric Encryption: Asymmetric Encryption: CSE870: Advanced Software Engineering: Cheng (Sp 2002)
More Terms • Cryptography: (hidden writing) • Practice of using encryption to conceal text • Cryptanalyst: • Person who studies encryption and encrypted messages • Intent: find hidden meaning • Cryptographer and Cryptanalyst: • Both attempt to translate coded material to original form • Cryptographer: works on behalf of legitimate sender or receiver. • Cryptanalyst: Works on behalf of unauthorized interceptor • Cryptology: research/study into encryption/decryption • Includes cryptography and cryptanalysis. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Cryptanalysis • Objective: Break an encryption • Deduce the meaning of a ciphertext mesg • Determine decrypting algorithm that matches an encrypting algorithm • Possible techniques: • break single message • Recognize patterns in encrypted mesgs • break subsequent mesgs with straightforward decryption alg • Find general weaknesses in encryption alg • Without necessarily intercepting any mesgs • Tools: • Encrypted mesgs, known encryption algs, intercepted plaintext, data elements known/suspected of being in ciphertext, mathematical/statistical techniques, props of languages, computers, and luck CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Breakable Encryption • Encryption algorithm is BREAKABLE: • Given enough time and data, an analyst could determine the algorithm • Practicality is issue • For given cipher scheme, may have 1030 possible decipherments • Select one from 1030 • Current technology: perform 1010 ops/sec • Require 1020 secs – 1012 years • Reality Check: • Cryptanalyst won’t just try the “hard” ways • Ex: more clever approach, might only take 1015 ops • 1010 ops/sec, 1015 ops will take about one day • Breakability estimates are based on CURRENT technology CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Character Representations • Study ways to encrypt any computer material: • ASCII/EBCDIC chars • Binary data or Object code • Control stream CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Substitution-based Encryption • Monoalphabetic Ciphers • Caesar Cipher: ci = E(pi) = pi + 3 • wuhdwb lpsrvvleoh, • wklv phvvdjh lv qrw wrr kdug wr euhdn • Easy to perform in field (no written instructions) • Permutation: reordering of the elements • ci= ap(pi) ; p (l) = 25- l • Use a key: • Weakness: study frequency distribution CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Polyalphabetic Substitution Ciphers • Desire flat distribution • Combine distributions that are high with low ones • Encipher T as a and sometimes as b • Also encipher X as a and sometimes as b • Use two separate encryption alphabets • Tables for odd and even positions p1 (l) = (3 * l) mod 26 p2 (l) =( (5 * l) + 13) mod 26 TREAT YIMPO SSIBL E Fumnf dyvtf czysh h CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Substitution Discussion • Major weakness: • frequency distribution • (index of coincidence: measure of variation between frequencies in a distribution) • Some letters are just used more frequently than others • Numerous enciphering techniques still can make it difficult to hide these patterns • Kasiski Method: find number of alphabets used • Identify repeated patterns of 3 or more chars • For each pattern, write down position at which each instance of pattern begins • Compute difference between start points of success instances • Determine all factors of each difference • If polyalphabetic subst used, key length will be one of the factors that appears often in previous step. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Transpositions (Permutations) • Definition: encryption where letters are rearranged. • Goal: diffusion, spread info from message or key out widely across the ciphertext. • Try to break established patterns. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Transposition Techniques • Columnar Transpositions: • Rearrangement of chars of plaintext into cols tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Transpositions • Digram: patterns of adjacent letters. • Study 2 and 3 letter combinations of adj letters • Double Transposition Alg: • Involves 2 columnar transpositions • With different number of columns, applied sequentially. • Fractionated Morse: • keyed monoalphabetic cipher • Result is subsequently blocked (clustered) • Morse code is used as its basis CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Secure Encryption Systems • Previous algs could be completed manually, although tedious • Decryption could also be done manually • New technology requires more “hard” encryption algs to hinder cryptanalysts • Review 3 key, important encryption algs • Look at recent developments. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Important Encryption Algs • Merkle-Hellman knapsack: • Alg based on “hard” problems (NP-complete) • Rivest-Shamir-Adelman (RSA): • More resilient to attacks than Merkle alg • Data Encryption Standard (DES): • Developed with support from NIST • Provide secure encryption for commerical applications • Clipper program: • Skipjack: cryptographic alg – maintain secrecy CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Some “Hard” theories • NP-complete: • Encryption algs that would require NP-complete alg to decrypt • Number theory: • Inverses • Primes • Modular Arithmetic • Euclidean alg: procedure for computing gcd of 2 numbers. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Public Key Encryption • Traditional key system: • Need a key for every pair of users • N*(N-1)/2 keys, grows exponentially with users • Each user has to keep track of many keys • Public key (asymmetric encryption system) • Each user has 2 keys: public and private key • May publish the public key freely, inverses • P=D(kPRIV,E(kPUB,P)) • Only 2 keys are needed per user • B, C, and D can ally encrypt mesgs for A with A’s public key CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Merkle-Hellman Knapsacks • Knapsack problem: • Set of positive integers • Target sum • Find subset of integers that equal the target • NP-complete alg. • Encode binary mesg as soln to knapsack problem • Reduce ciphertext to target sum • By adding terms corresponding to 1s in plaintext • Convert blocks of plaintext to knapsack sum by adding into sum the terms that match with 1 bits in plaintext. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Superincreasing Knapsack • Superincreasing sequence: • Each integer is greater than sum of all preceding integers • ak > Sj=1k-1aj • Solution of superincreasing knapsack (e.g., simple knapsack) is easy to find • Convert simple knapsack into Hard knapsack • Pick superincreasing sequence S of m integers • S =[s1, s2,.., sm] • Choose multiplierwand modulusn, n > Sj=1m-1si • Choose n to be prime • Replace everysjin simple knapsack with term: • hi= w* si mod n • Hard knapsack: H =[h1, h2,.., hm] CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Merkle-Hellman (cont’d) • Merkle-Hellman is Public key cryptosystem • Each user has public key: • Set of integers of a knapsack problem • Each user has private key • Set of integers for corresponding superincreasing knapsack • Contribution: design of technique to convert superincreasing knapsack into a regular one. • Change numbers in nonobvious, reversible way. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Merkle-Hellman (cont’d) • Encryption alg starts with binary message • P = [p1, p2,.., pk] • Divide message into blocks of m bits, • P0 = [p1, p2,.., pm], P1 = [p1, p2,.., p2m], • Value of m is number of terms in simple or hard knapsack • Encipherment of message P is sequence of targets • Each target is sum of some of the terms of the hard knapsack H • Terms selected correspond to 1 bits in Pi, • Piserves as selection vector for elts of H • Each term of ciphertext isPi * H CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Merkle-Hellman (cont’d) • Decryption: • Legitimate recipient knows simple knapsack and values of w and n • H = w * S mod n • C = H * P – w* S* P mod n • To decipher, multiply C by w-1 • w-1 * C = w-1 * H * P = w-1 * w * S * P = S * P mod n • Weaknesses: • How easy is it to determine w or n from H? CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Example • S= [1,2,4,9]; H= [15,13,9,16], • w= 15, n= 17, m = 4; hi= w* si mod n • P = 0100101110100101 • Encode with H as follows: • P = 0100 1011 1010 0101 • [0,1,0,0] * [15,13,9,16] = 13 • [1,0,1,1] * [15,13,9,16] = 40 • [1,0,1,0] * [15,13,9,16] = 24 • [0,1,0,1] * [15,13,9,16] = 29 • Encrypted message as integers: 13,40,24,29, • Public knapsack H = [15,13,9,16] CSE870: Advanced Software Engineering: Cheng (Sp 2002)
RSA: Rivest-Shamir-Adelman • Superficially looks similar to Merkle-Hellman: • Exploits number theory and finding prime factors of a target: • C = Pe mod n; P = Cd mod n • Symmetry in modular arithmetic • encryption/decryption are mutual inverses and commutative. • P = Cd mod n = (Pe)d mod n = (Pd)e mod n • Choosing keys: (e, n) and (d,n) • Select value for n • should be quite large: a product of two large primes p and q (100 digits ea) • Select value for e: relatively prime to (p –1) * (q-1) • E has no common factors with above product. • Choose e as prime larger than both (p-1) and (q-1) • Select value for d: e * d = 1 mod (p-1) * (q-1) • How to use: user distributes e and n, keeps d secret • To encrypt, need to find large prime numbers. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
DES: Data Encryption Standard • Developed for US govt for general public use. • Repeats 16 cycles of substitution and transposition • Shannon’s theory of information secrecy • Confusion: info is changed so that output bits have no obvious relation to input bits • Diffusion: spread the effect of one plaintext bits to other ciphertext bits. • Splits data block into 2 pieces: • Scrambles each half independently • Combines key with one half • (key is transformed during each cycle) • Swap 2 halves • Repeat 16 times. CSE870: Advanced Software Engineering: Cheng (Sp 2002)
Right Half Left Half New Right Half Permuted Key + + Key shifted One Cycle in DES Permuted Data New Left Half (Old Right Half) [Pfleeger97] CSE870: Advanced Software Engineering: Cheng (Sp 2002)